Difference between revisions of "User:Mchalmers"

Revision as of 18:29, 27 April 2019

I have written, spoken, and provided training (publicly and privately, classified and unclassified) on myriad subjects including cryptography, GRC, IT audit, penetration testing, and web/application vulnerability assessment.

I am currently ABD in pursuit of a doctoral degree in cybersecurity from Capitol Technology University. My dissertation involves a new approach to end-to-end email encryption and its usability.

I can be reached at matthew dot chalmers at owasp dot org.

OWASP Involvement

OWASP Wiki

• My wiki contributions

OWASP Projects

• Local Chapter Resources
• Certification Project (content owner/reviewer)
• Application Security Requirements Project (interim project manager)
• OWASP EU Summit 2008
  • OWASP PR Project
• Global Chapter Committee
• OWASP Global Summit 2011 - see my attendee bio
  • Audit Working Session Chair
  • PCI Working Session Co-Chair
  • Fundraising Appeal
• OWASP Governance Task Force
• OWASP Codes of Conduct
  • Certifying Bodies

OWASP Chapters

• Founding member of the original DC Local Chapter (which became the DC-Maryland chapter, then the Washington DC chapter)
  • Active member 2004-2005
  • Recorded meeting minutes and maintained chapter web pages (pre-wiki)
• Founder and former chapter leader of the original Milwaukee chapter
• "Member-at-Large"
  • Chicago chapter (2005-2012)
  • Milwaukee chapter (2005-2016)
  • Madison chapter (2012-2016)
  • Minneapolis-St. Paul chapter (2016-Present)

Non-OWASP Involvement

• ACM (Association for Computing Machinery)
  • SIGACT (Special Interest Group on Algorithms and Computation Theory)
  • SIGCAS (Special Interest Group on Computers and Society)
  • SIGCHI (Special Interest Group on Computer-Human Interaction)
  • SIGSAC (Special Interest Group on Security, Audit, and Control)
• CANOE (Committee to Ascribe a Nautical Origin to Everything)
• CSA (Cloud Security Alliance)
• EFF (Electronic Frontier Foundation)
  • Cooperating Tech
• IACR (International Association for Cryptologic Research)
• IATFF (Information Assurance Technical Framework Forum)
• IEEE (Institute of Electrical & Electronics Engineers)
  • Communications Society
    • Communications and Information Security Technical Committee
  • Computer Society
    • Cybersecurity Community
    • Technical Committee on Security & Privacy
  • Information Theory Society
  • Signal Processing Society Information Forensics and Security Technical Committee
• IIA (Institute of Internal Auditors)
  • Milwaukee Chapter Member, 2006-2012 & 2015-2016; Secretary of the Board, 2009-2011
  • Madison Chapter Member, 2012-2015; Invited Speaker, 2016
• IMI (Identity Management Institute)
• ISACA (Information Systems Audit and Control Association)
  • Kettle Moraine Chapter Member, 2006-2016; Invited Speaker, 2014
• ISoc (Internet Society)
  • IETF (Internet Engineering Task Force)
    • SAAG (Security Area Advisory Group)
  • IRTF (Internet Research Task Force)
    • CFRG (Crypto Forum Research Group)
• NIST (National Institute of Standards and Technology)
  • ITL (Information Technology Laboratory)
    • CSD (Computer Security Division)
      • CTG (Cryptographic Technology Group)
        • Cryptographic Key Management Project
• SANS Institute (System administration, Audit, Networking and Security Institute)
  • Mentor Program
• WASC (Web Application Security Consortium)
  • Articles Peer Review Team

"Credentials"

Certifications

• CDP - Certified in Data Protection
• CIAM - Certified Identity and Access Manager
• CIRM - Certified Identity Risk Manager
• ACE - AccessData Certified Examiner
• CCISO - Certified Chief Information Security Officer
• CISM - Certified Information Security Manager
• CCSK - Certified in Cloud Security Knowledge
• CRMA - Certified in Risk Management Assurance
• GCFA - GIAC Certified Forensic Analyst
• ITIL Foundation Certified
• CISA - Certified Information Systems Auditor
• CHS - Certified in Homeland Security
• CEH - Certified Ethical Hacker
• GSNA - GIAC-certified Systems and Network Auditor
• MCP - Microsoft Certified Professional

Training

• CoalFire - Adaptive Penetration Testing (5/2018)
• CITI - Human Subjects Research (10/2014)
• IIA - Risk-Based, Process-Oriented & Performance-Driven Operational Auditing (6/2013)
• IIA - Antifraud Controls using Data Mining and Continuous Monitoring Techniques (8/2011)
• ISACA - Auditing & Securing Cloud-Based Services (1/2011)
• ISACA - Information Security Management & Strategies for Implementing IT Governance (12/2010)
• PDS/SOScorp - ITIL v3 Foundation Course (9/2008)
• SANS - Computer Forensics, Investigation, and Response (4/2008)
• Entellus Technology Group - SAP ERP Basis Auditing & Security Risks (12/2007)
• SAP America - Virsa Compliance Calibrator Training (10/2006)
• IIA - SAP ERP Technical Audit (8/2006)
• SPI Dynamics - Web Application Security Assessment with WebInspect (11/2005)
• SANS - Hacker Techniques, Exploits and Incident Handling (10/2005)
• Infosec Institute - Advanced Ethical Hacking: Expert Penetration Testing (1/2005)
• Mile2 - Certified Ethical Hacker Training (7/2004)
• Foundstone - Ultimate Web Hacking (9/2003)
• Siegeworks - Advanced AppAuditor Training (12/2002)
• SANS - Auditing Networks, Perimeters, and Systems (4/2002)
• Sanctum - AppScan AppAuditor Training (5/2001)
• National Cryptologic School - Information Systems Security Engineering (2/2000)
• National Cryptologic School - Operational Information Systems Security (11/1998)

Education

• Doctor of Science (ABD), Cybersecurity, Capitol Technology University
  • Dissertation (WIP): User Perception of Utility Constraints in End-to-End Email Encryption Solutions
• Master of Science, Information Assurance, Capitol Technology University
• Bachelor of Arts, Psychology & Philosophy, Missouri University of Science & Technology
• Associate of Arts, Russian, Defense Language Institute